Solved

IP routing

Posted on 2000-03-10
Last Modified: 2010-03-18
I wanted to do some subnetworking with linux, but I could not get the routing table right.
---------------------------------------
The network is connected to a Router(A)
IP = X.X.12.254
Mask = 255.255.252.0
Network X.X.12.0

Two hosts and a Router(B) are connected directly to this Router(A)

Host1
IP = X.X.12.157

Host2
IP = X.X.12.158
---------------------------------------
Router(B)
IP = X.X.12.159

Next
Two subnets are connected to Router(B)

Router(B)
Subnet(1) IP = X.X.12.161
Subnet(2) IP = X.X.12.177

Subnet(1)
Network = X.X.12.160
Broadcast = X.X.12.175
Mask = 255.255.255.240

Subnet(2)
Network = X.X.12.176
Broadcast = X.X.12.191
Mask = 255.255.255.240

Each Subnet has a router

Router(C)
IP = X.X.12.162

Router(D)
IP = X.X.12.178
---------------------------------------
Each router has a subnet
Router(C)
IP address = X.X.12.169

Subnet(3)
Network = X.X.12.168
Broadcast = X.X.12.175
Mask = 255.255.255.248

There is a Host in Subnet(3)
Host3
IP = 143.167.12.170
--------------------------------------
Router(D)
IP address = X.X.12.185

Subnet(4)
Network = X.X.12.184
Broadcast = X.X.12.191
Mask = 255.255.255.248

There is a Host in Subnet(4)
Host4
IP = X.X.12.186

Please tell me how I should get all hosts connected. That is, how all the routing tables should look.
Question by:cny
LVL 40

Expert Comment

by:jlevie
ID: 2604448
The routers should be responsible for all routing decisions for destinations outside of your local network segment. Thus all you should need to do is to install a default route pointing to one of the routers (the one that can forward to the "world"). If the routers have been properly configured, the default router will issue a re-direct for nodes reachable by another router local to your network segment.

I'll have to take your question and draw a map to be able to say more.
0
 

Author Comment

by:cny
ID: 2604606

I know how to use netconf and netcfg,
I hope this will help.





0
 
LVL 40

Expert Comment

by:jlevie
ID: 2605368
Now that I've drawn the network map I see what your problem really is and I don't see any way you can do it with routing on the Linux box (or router A for that matter). You'd have to use proxy arp configured on routers B, C, & D.

The reason is that the network connected to router A (xxx.xxx.12.0/255.255.252.0) is the entire address space. Thus the implicit route from a system directly connected to Router A's network is to everything within that network.

You could change the network design so that each router has just a piece of the address space (say give each segment a Class C or portion thereof). Then configure the routers to use RIP or preferably something fancier like IGRP or EIGRP so that each knows what networks are reachable and by what route. Then the Linux box could have a default route to router A, which would issue a re-direct to the router B gateway for networks below B.
0
 

Author Comment

by:cny
ID: 2607801
I am not so sure that router(A) is x.x.12.0 for the network address.
But I am pretty sure that the mask is 255.255.252.0, as all nodes connected to it have a mask of 255.255.252.0

I have no control of router(A) as it does not belong to me.


0
 
LVL 40

Expert Comment

by:jlevie
ID: 2607907
If the nodes on router A's net have that netmask, then its Ethernet interface has been configured for that network/netmask. Since you don't control router A, there are only two choices.

The simplest is (if you control the other routers and they support it, Ciscos do) to configure the interior routers to do proxy arp. This is exactly the problem that proxy arp was designed to solve; see the RFC for more details.

The only other viable solution would be to put a NAT box between router A and the interior routers. You'd likely want to set it up for one-to-one static translations between a private address space and the n.n.12.0 net. There wouldn't be any need for firewall filters, so you'd leave it wide open.
0

 

Author Comment

by:cny
ID: 2608101
Yes, all the internal routers are Linux boxes, so how can I configure proxy arp then?
0
 

Author Comment

by:cny
ID: 2608106
Adjusted points to 100
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2608486
I think you'll find what you need in http://spigot.anu.edu.au/people/bob/ProxyARP-subnet.html
0
 
LVL 8

Accepted Solution

by:
stefanx earned 100 total points
ID: 2611116
OK, I've drawn the network map as well.
JLevie has really told you what to do, but I'll try and give it to you in actual commands.

Basically, the subnetting below router B is straightforward and not a problem (relax, I'll do it for you anyway ;) The more serious issue is your having to use proxy arp on router B to enable router A to give router B all packets for networks below router B. For this exercise I'm assuming your routing boxes have multiple ethernet cards installed. Router B has 3 ethernet cards. Let's call these eth0, eth1 and eth2. eth1 connects to 143.167.12.0/22, eth1 connects to 143.167.12.160/29 and eth2 connects to 143.167.12.176/29.
Let's assume your MAC addresses for the cards are as follows (run ifconfig | grep HWAddr on router B to see what they really are):

eth0: AA:AA:AA:AA:AA:AA
eth1: BB:BB:BB:BB:BB:BB
eth2: CC:CC:CC:CC:CC:CC

The proxy arp entries on router B need to look as follows (they could be simplified - I'm only doing it this way so that you'll see what I'm doing)

arp -i eth0 -s 143.167.12.160 netmask 255.255.255.248 AA:AA:AA:AA:AA:AA pub
arp -i eth0 -s 143.167.12.176 netmask 255.255.255.248 AA:AA:AA:AA:AA:AA pub
arp -i eth0 -s 143.167.12.168 netmask 255.255.255.248 AA:AA:AA:AA:AA:AA pub
arp -i eth0 -s 143.167.12.184 netmask 255.255.255.248 AA:AA:AA:AA:AA:AA pub

What this does is to let router B be given all the packets destined for the networks connected below it (you have to use proxy ARP because you cannot add a static route

The rest of router B's configuration is pretty simple.

route add default gw 143.167.12.254
(You probably have this already)

route add -net 143.167.12.160 netmask 255.255.255.248 eth1
(You probably have this already, but Linux Kernels before 2.2.X don't)

route add -net 143.167.12.176 netmask 255.255.255.248 eth2
(You probably have this already, but Linux Kernels before 2.2.X don't)

route add -net 143.167.12.168 netmask 255.255.255.248 gw 143.167.12.162

route add -net 143.167.12.184 netmask 255.255.255.248 gw 143.167.12.178

That's it for router B.

---------
Router C:
---------

route add default gw 143.167.12.161

route add -net 143.167.12.160 netmask 255.255.255.248 eth0
(You probably have this already, but Linux Kernels before 2.2.X don't)

route add -net 143.167.12.168 netmask 255.255.255.248 eth1
(You probably have this already, but Linux Kernels before 2.2.X don't)

---------
Router D:
---------

route add default gw 143.167.12.177

route add -net 143.167.12.176 netmask 255.255.255.248 eth0
(You probably have this already, but Linux Kernels before 2.2.X don't)

route add -net 143.167.12.184 netmask 255.255.255.248 eth1
(You probably have this already, but Linux Kernels before 2.2.X don't)

---------
Hosts:
---------

All hosts have their default gateways specified as the upward router in their subnet.
For example:

Host 143.167.12.170 has default gateway 143.176.12.169 netmask 255.255.255.248
Host 143.167.12.186 has default gateway 143.176.12.185 netmask 255.255.255.248
Host 143.176.12.158 has default gateway 143.176.12.254 netmask 255.255.252.0
Host 143.176.12.157 has default gateway 143.176.12.254 netmask 255.255.252.0


-----------
Some Notes
-----------

ifconfig, arp and routing are significantly more clever in Linux 2.2 kernels than they are in previous kernels. Of course, all kernels need to allow IP forwarding. For kernels prior to 2.0.X (for example 1.2.13), this requires that you recompile the kernel. For later kernels ensure that IP forwarding is enabled (check if the pseudo file /proc/sys/net/ipv4/ip_forward contains 1). I read somewhere that Address Resolution Protocol (arp) works differently on 2.2.X kernels as well although I can't confirm this. Basically, I think it stated that it required a proxy arp per individual host rather than per netmask (in kernels prior to 2.2.X arp HAD to operate with a netmask and 255.255.255.255 was not a valid netmask).

Hope this helps you.

0
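The forwarding logic behind the accepted answer, as an added example that is not part of the original thread: a host on router A's /22 segment treats every 143.167.12.x address as on-link and ARPs for it directly, so router B has to answer that ARP and then forward by longest-prefix match. The table and function names are hypothetical, and router B's connected /22 route on eth0 is an assumption.

```python
import ipaddress

# Tables transcribed from the accepted answer; names are hypothetical.
# Each entry: (destination network, gateway or None if on-link, interface).
HOST1 = [                                  # 143.167.12.157, mask 255.255.252.0
    ("143.167.12.0/22", None, "eth0"),     # the whole /22 looks directly attached
    ("0.0.0.0/0", "143.167.12.254", "eth0"),
]
ROUTER_B = [
    ("143.167.12.0/22", None, "eth0"),     # assumed connected route towards router A
    ("143.167.12.160/29", None, "eth1"),
    ("143.167.12.176/29", None, "eth2"),
    ("143.167.12.168/29", "143.167.12.162", "eth1"),
    ("143.167.12.184/29", "143.167.12.178", "eth2"),
    ("0.0.0.0/0", "143.167.12.254", "eth0"),
]
# Ranges router B publishes on eth0 (the four "arp ... pub" entries).
PROXY_ARP_B = ["143.167.12.160/29", "143.167.12.176/29",
               "143.167.12.168/29", "143.167.12.184/29"]


def lookup(table, dst):
    """Longest-prefix match: return (gateway, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw, dev) for net, gw, dev in table
            if addr in ipaddress.ip_network(net)]
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev


def arp_target(table, dst):
    """IP the sender resolves by ARP: its gateway, or dst itself if on-link."""
    gw, _ = lookup(table, dst)
    return gw or dst


def b_answers_arp(ip):
    """True if router B would answer an ARP request for ip on eth0."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in PROXY_ARP_B)


def misrouted_proxy_addresses():
    """Published addresses router B would send back out eth0 (should be none)."""
    return [str(a) for net in PROXY_ARP_B for a in ipaddress.ip_network(net)
            if lookup(ROUTER_B, str(a))[1] == "eth0"]


if __name__ == "__main__":
    print(arp_target(HOST1, "143.167.12.170"), b_answers_arp("143.167.12.170"))
    print(lookup(ROUTER_B, "143.167.12.170"), misrouted_proxy_addresses())
```

A non-empty result from `misrouted_proxy_addresses()` would mean router B claims an address by ARP and then forwards it back onto the segment it came from.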
 
LVL 8

Expert Comment

by:stefanx
ID: 2703620
Uhmm - a grade of C is really not appreciated. Do you consider the answer to be "Average" ? If the answer was easy and a no-brainer, why do you think that only jlevie and I answered it? If the answer didn't meet your needs, why didn't you ask more? Really, I don't think C is a worthwhile "grade". I really don't like seeing any C's in my profile, especially if I bothered to make quite some efforts in answering your question. I mean sure, an answer like "Go buy Linux Essential Networking" is worth a grade C, but drawing out a network map and giving you the routing commands for each segment required at least a B and actually an A.

Of course, with your dismal rating scores on all questions, a C coming from you is probably good. Don't expect me to bother answering any questions from you again, though.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2704146
Stefanx,

I concur, that answer took a lot more work than a C grade reflects. Perhaps you should take the matter up with EE.
0
